GCC businesses must comply with GDPR or risk hefty fines: ICAEW


MUSCAT, JULY 16 - Many businesses in the GCC still do not comply with the EU’s General Data Protection Regulation (GDPR) and must act immediately or risk falling behind and potentially facing fines of up to 20 million euros or four per cent of global annual turnover, whichever is higher, according to ICAEW. The global accountancy and finance body has put together a GDPR checklist to facilitate compliance.


Complying with GDPR is a complex process that requires businesses large and small, in all regions and all industries, to strengthen the protection of personal data relating to individuals in the EU. An organisation based outside Europe that processes personal data of data subjects in the EU may be subject to the regulation. Companies in the GCC, and elsewhere in the world, may therefore be affected by GDPR if they offer goods or services to individuals within the EU, or monitor the behaviour of individuals there.


Michael Armstrong, ICAEW Regional Director for the Middle East, said: “Many of the GCC organisations still don’t know if GDPR affects them or if they are GDPR compliant. With the introduction of the EU’s GDPR law on May 25, 2018, organisations all over the world have had to adhere to much heightened compliance standards in the way they handle personal data. Regional leaders and businesses outside the EU must be proactive and raise awareness of the fact that they may be affected.”

GDPR checklist


1. Appoint someone senior to oversee the process. It is not just a matter for the IT department, so it is essential that a senior member of staff such as a director, partner or senior manager takes responsibility for overseeing the process.


2. Review existing information and cyber security and update as necessary. This does not have to be an expensive revamp; a refresh proportionate to the complexity of your organisation and IT set-up may be enough.


3. Map your data. Before you can assess what has to be done, you need to know what personal data you hold and where it sits, as this will determine what to do next.


4. Review contracts with clients, suppliers and employees to ensure GDPR compliance. You will need to understand your status (controller or processor) and your responsibilities with regard to both client data and firm data. At the very least, contracts will need to be updated to reflect the requirements of the GDPR.


5. Draft data protection policies and procedures. The GDPR introduces the principle of ‘accountability’: organisations must not only comply with GDPR but be able to demonstrate that they do.


6. Train staff. Not all staff need to understand the GDPR in its entirety, but all staff should at least be aware that data protection is everyone’s responsibility.

